Policy Manual sample

MDT Home Health Care Agency, Inc. DATA INTEGRITY, INFORMATION CONFIDENTIALITY, SECURITY POLICY: The Agency will observe the patient's right to confidentiality of information and will implement processes that assure confidentiality, security and data integrity. PURPOSE: To maintain the security, confidentiality, and integrity of all Agency data and information across all systems (automated and manual). To comply with current federal and state mandates. PROCEDURE 1. Upon admission to the Agency, each patient will be assigned a medical record number. This number is used to facilitate information confidentiality, no specific format is preset. 2. During orientation, all staff will be educated about the confidential and secure nature of medical records and information and to the resulting disciplinary action for willful, unauthorized disclosure of confidential information. Significant changes in policy will be communicated to staff. 3. Any discussion involving patient/family information will be conducted discreetly to avoid accidental disclosure to unauthorized staff. 4. Payor sources may access information as authorized by the Consent/Release of Information form (may be included in the Service Agreement), e.g., Medicare, fiscal intermediaries, Private Insurance, etc. Any information needing to be faxed will have a cover sheet stating the confidential nature of the information. Due to the sensitive nature of certain information, the Agency will take extraordinary means to preserve privacy and confidentiality. 5. Information collected during performance improvement (QAPI) activitiesmay be shared in statistical reporting formats. 6. Information boards will not be displayed in office Patient’s Information. Health data, e.g., schedules. 7. The Agency will monitor staff compliance with confidentiality, privacy and security. Information from monitoring activities and new advancements in technology will be used by leaders to improve confidentiality, privacy and security. 8. The Agency will comply with current applicable HIPAA regulations, including: • Patients are informed of what uses and disclosures of personally identifiable health information and data will be maintained and/or collected. • Personal patient identifiers will be removed to the greatest extent possible for uses and disclosures of health information consistent with maintaining the usefulness of the information. • Protected health information (PHI) (paper or electronic) will be used only for purposes identified and/or as required by current federal and state laws. PHI will not be disclosed without patient authorization. 9. The following have access andmay make entries in and/or review patient'smedical records: patient, patient representative, patient's physician, RN, LPN, PT, PTA, OT, OTA, ST, HHA, MSW, secretary, billing clerk and other home care personnel. Entries in the patient record are authenticated by the author. Information introduced into the patient record through transcription or dictation is authenticated by the author. Note 1: Authentication can be verified through electronic signatures, written signatures or initials, rubber-stamp signatures, or computer key. Note 2: For paper-based records, signatures entered for purposes of authentication after transcription or for verbal orders are dated when required. For electronic records, electronic Home Health Agency Bylaws H-11